PolySpace for C

A new approach

PolySpace allows you to detect run-time errors andconcurrent accesses on shared data automatically veryearly in the development process without testing.

It statically analyses the dynamics of software applicationsby relying solely on the source code.

• No test cases to write;• No modification of the code;• No application execution necessary.

In contrast to dynamic testing, PolySpace automatically anddirectly highlights causes of run-time errors in the source code(therefore, no debugging).

The net result is a drastic reduction in softwaredevelopment costs by dramatically reducing the need fortesting and debugging.

Do you want to reduce your coding and testing effort?

List of operations causing Runtime Errors with macro expansion and filters for quickly focusing on the mostcritical errors. Each operation checked is displayed using a meaningful colour scheme and related diagnostic:Red Errors which occur at every execution,Green Error conditions that will never occur,Orange Warning – an error may occur sometimes,Gray Shows unreachable (dead) code. Coloured source code using

the PolySpace scheme.

Diagnostic for each Runtime Error detectedfor a quick understanding of the errors.

The industrial challenge

Embedded systems are at the heart of the world’s mostcritical applications and assuring their reliability is ofparamount concern. The increase in size and complexity ofcurrent applications results in rising testing costs. It alsohighlights the limitations of available tools and methods.

Indeed, when it comes to finding runtime errors, classicalmethods are inadequate. For example, tools that computemetrics or enforce the use of coding rules may help inintroducing fewer bugs during the coding but will not actuallyfind bugs. Dynamic testing, which is of undisputable valuefor functional validation, only catches anomalies when theysurface during test case execution. Furthermore, withtraditional approaches, every error detected during programexecution requires hours, days, even weeks of debugging.

Today’s applications require a new generation testingsolution that is capable of improving software qualitywhile reducing the usual costs associated with such efforts.

Runtime Errors detected

Run-time errors are faults whose consequences includeprocessor halt, data corruption or security breaches.They are latent faults that generally surface duringexecution. They have a major business impact: testinggoes over budget, delayed releases, service disruptionsduring operation (e.g. sending uncontrolled commandsto external devices).

Errors detected by PolySpace include:• Read access to non-initialized data

(variables and function return values);• De-referencing through null

and out-of-bounds pointers;• Out-of-bounds array access; • Invalid arithmetic operations such as

division by zero, sqrt(negative number);• Overflow / underflow on arithmetic operations

for integers and floating point numbers;• Dangerous type conversions

e.g. long � short, float � int;• Access conflicts for data shared between threads.

PolySpace also detects:• Non-terminating function calls and loops;• Unreachable code (dead code).

Benefits

PolySpace brings both quality and productivity improvementsfor developers of embedded applications as well as for qualityassurance engineers.

PolySpace Developer EditionDevelopers benefit from an early detection of errors – beforeany testing – which is the key and crucial element to reducingtesting and debugging times. PolySpace offers the earliest andfirst automatic detection of run-time errors at compilationtime. Indeed, you just have to click on a source code file toget immediate results on your workstation. With no testcases to write, no instrumentation or execution of theapplication, PolySpace produces immediate savings. Theerrors that PolySpace finds early in development wouldinvolve appreciable debugging time if detected later duringthe test phase. Furthermore, performing functional tests ona module analysed by PolySpace becomes much easier thanksto more robust source code. So, why spend time debuggingruntime errors when PolySpace would have detected themearlier and automatically?

PolySpace Auditor EditionQuality Assurance Engineers get a reliable assessment of thequality of software applications, which is a key issue intoday’s supplier/end user relationship. PolySpace offers a wayto improve the quality of software applications automatically,by drastically reducing the number of bugs that can surfaceduring late system test after code freeze as well as at the end-users site. PolySpace provides fast, repeatable and low costacceptance criteria for software applications. It is suitable forboth internal quality control performed by an independentvalidation and verification team as well as to assess outsourceddevelopment and test activities.

Email: contact@polyspace.comwww.polyspace.com

Static Verification

Static verification of dynamic properties is a well-establishedmethod for representing all possible executions of a givensoftware application, based solely on the source code. The basic idea is to calculate the domain of values eachvariable can take, for each point in the application by applyingmulti-thread, interprocedural and control structures analysis.This technique is used by PolySpace to identify run-timeerrors. This automatic approach makes PolySpace the uniquetesting tool that can statically predict which run-time errorswill affect your application prior to tests and deployment, e.g.

int tab [100] ;int *p = tab ;int i ;for (i = 0 ; i < 100 ; i++, p++) *p = 0 ;*p = 5 ;

The expression *p = 5 ; causes a memory corruption thatis automatically detected by PolySpace. All other testingmethods would request human efforts to catch it (codereview, test execution or code instrumentation).

Supported C Language Features & Software Engineering Standards

PolySpace supports C as defined in the ISO/IEC 9899 : 1990(E) standard. Furthermore PolySpace tools naturally integrate with softwareengineering standards such as MISRA, DO-178B, IEC 61508,CENELEC, FDA, TickIt, CMM, or IEEE 1012. They area means to automate or improve several activities prescribedby these standards such as code evaluations, static analysis,control/data flow analysis, providing definite transition criteriaand avoidance of runtime errors.

PolySpace finds more bugs than classical testing & much faster.

A complete andinteractive Call Tree

is provided fordocumentation and

navigation purposes.Fully exportable to

Excel © format.

Global Data Dictionary including read andwrite access to all global data (pointer and aliasincluded). It also identifies data shared betweenthreads and related protection mechanisms(critical sections, temporal exclusions).Fully exportable to Excel © format.

Access Graph for each Shared Data item:A meaningful and efficient feature showing how threads

access shared data through function calls